CVE-2025-59956
MEDIUM EPSS 31.6%
Published Sep 30, 20259mo ago · Modified Jun 17, 20262w ago
6.5 CVSS 3.1
Published Sep 30, 2025 9mo ago
Last Modified Jun 17, 2026 2w ago
Description
AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex. Versions 0.3.3 and below are susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. An attacker can gain access to the /messages endpoint served by the Agent API. This allows for the unauthorized exfiltration of sensitive user data, specifically local message history, which can include secret keys, file system contents, and intellectual property the user was working on locally. This issue is fixed in version 0.4.0.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity None
Availability None
Threat Intelligence
EPSS Exploit Probability
31.6% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 2
CWE-290
CWE-350
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| coder | agentapi | * | <0.4.0 |
References 7
- github.blog https://github.blog/security/application-security/localhost-dangers-cors-and-dns-rebinding
- github.com https://github.com/coder/agentapi/commit/5c425c62447b8a9eac19e9fc5a2eae7f0803f149
- github.com https://github.com/coder/agentapi/pull/49
- github.com https://github.com/coder/agentapi/releases/tag/v0.4.0
- github.com https://github.com/coder/agentapi/security/advisories/GHSA-w64r-2g3w-w8w4
- mcpsec.dev https://mcpsec.dev/advisories/2025-09-19-coder-chat-exfiltration
- mcpsec.dev https://mcpsec.dev/advisories/2025-09-19-coder-chat-exfiltration/
Remediation
- github.com https://github.com/coder/agentapi/commit/5c425c62447b8a9eac19e9fc5a2eae7f0803f149
- github.com https://github.com/coder/agentapi/pull/49
- github.com https://github.com/coder/agentapi/security/advisories/GHSA-w64r-2g3w-w8w4